CVE-2018-11761

Description

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to entity expansion, which can lead to a denial of service.

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 11.027

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2018-11761, CVE-2018-11796 are fixed in Apache-tika-core 1.19.1 | Windows
Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0 | Windows
Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.1 | Windows
Vulnerabilities CVE-2018-11761, CVE-2018-11796 are fixed in Apache-tika-core for Linux 1.19.1 | Linux
